LimeSurvey 2.72.3 - Persistent XSS to Code Execution

5 min read 10 Apr 2018 by Robin Peraglie
LimeSurvey is an open source and commercial web application that enables its users to quickly design and setup scalable surveys. RIPS automatically detected two vulnerabilities in LimeSurvey < 2.72.3: An unauthenticated persistent cross-site scripting vulnerability (CVE-2017-18358) and an authenticated arbitrary file write vulnerability which can be chained.

Privilege Escalation in 2.3M WooCommerce Shops

13 min read 26 Feb 2018 by Karim El Ouerghemmi, Slavco Mihajloski
The WordPress plugin WooCommerce runs on approximately 2,300,000 live websites and is currently the most prominent eCommerce platform used on the Web. During our research we discovered a PHP Object Injection vulnerability in WooCommerce (CVE-2017-18356) that allows to escalate privileges with a unique and interesting injection technique.

Joomla! 3.8.3: Privilege Escalation via SQL Injection

5 min read 6 Feb 2018 by Karim El Ouerghemmi
Joomla! is one of the biggest players in the market of content management systems and the second most used CMS on the web. RIPS discovered a second-order SQL injection (CVE-2018-6376) that could be used by attackers to leverage lower permissions and to escalate them into full admin permissions on Joomla! prior version 3.8.4.

CubeCart 6.1.12 - Admin Authentication Bypass

8 min read 17 Jan 2018 by Robin Peraglie
CubeCart is an open source e-commerce solution. In one of our latest security analysis we found two flaws in this web application that allow an attacker to circumvent the authentication mechanism required to login as an administrator (CVE-2018-20716). Once bypassed, an attacker can execute arbitrary code on the web server and steal all sensitive files and data.

Shopware 5.3.3: PHP Object Instantiation to Blind XXE

8 min read 8 Nov 2017 by Karim El Ouerghemmi
Shopware is a popular e-commerce software. Within only 4 minutes, RIPS discovered two vulnerabilities in the code that bases on Symfony, Doctrine and the Zend Framework. In this blog post we investigate the exploitation of one of these: A rare PHP object instantiation vulnerability (CVE-2017-18357).